d65820ce9c04c12d09c0bbbeedc42647eb6e7bfc9805f16505c62b4becc7fdfc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d65820ce9c04c12d09c0bbbeedc42647eb6e7bfc9805f16505c62b4becc7fdfc
Size

45KB
Sample

221201-vjjkjada91
MD5

719795a5b243a08be5dfc9f36476812d
SHA1

fa3265ce0bcc726c502d7e4137dafa5a0c23a6f6
SHA256

d65820ce9c04c12d09c0bbbeedc42647eb6e7bfc9805f16505c62b4becc7fdfc
SHA512

a77a32b6cdfe89a743c2cce67e487dc0705d3b0b9697f09d8dbd852f2e2d4a5cbaeffbc97c837cc01ed33b0ab92c98eb766d2a80e06a5525c170988fbe50d464
SSDEEP

768:zYCz83dWuU1g/p685vkbLUVkviRE7VsrCr7SGYhwtEE37NH/tq+rVI6y:fiW6UlbLjf8CrOfitEqNVlVI6y

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  d65820ce9c04c12d09c0bbbeedc42647eb6e7bfc9805f16505c62b4becc7fdfc
- Size
  
  45KB
- MD5
  
  719795a5b243a08be5dfc9f36476812d
- SHA1
  
  fa3265ce0bcc726c502d7e4137dafa5a0c23a6f6
- SHA256
  
  d65820ce9c04c12d09c0bbbeedc42647eb6e7bfc9805f16505c62b4becc7fdfc
- SHA512
  
  a77a32b6cdfe89a743c2cce67e487dc0705d3b0b9697f09d8dbd852f2e2d4a5cbaeffbc97c837cc01ed33b0ab92c98eb766d2a80e06a5525c170988fbe50d464
- SSDEEP
  
  768:zYCz83dWuU1g/p685vkbLUVkviRE7VsrCr7SGYhwtEE37NH/tq+rVI6y:fiW6UlbLjf8CrOfitEqNVlVI6y
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2